Web Developer Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, Engineering, or related field.
• Minimum of 5 years of experience supporting Application Security, Web Application Security, Secure Software Development, DevSecOps, or related disciplines.
• Experience supporting secure software development and vulnerability remediation activities.
• Strong understanding of OWASP Top 10, secure coding standards, and web application security best practices.
• Experience developing or supporting modern web applications utilizing technologies such as .NET, C#, HTML5, CSS3, JavaScript, REST APIs, and SQL.
• Experience performing log analysis, security monitoring, and investigation of web application security events.
• Experience deploying, configuring, and maintaining Web Application Firewalls (WAFs).
• Experience supporting File Integrity Monitoring (FIM) solutions and security monitoring technologies.
• Familiarity with security testing tools and technologies such as SIEM, IDS/IPS, EDR, NDR, or similar platforms.
• Experience implementing DevSecOps principles and integrating security controls into CI/CD pipelines.
• Ability to perform risk assessments, analyze cyber threats, and provide remediation recommendations.
• Strong written and verbal communication skills.
• Ability to work independently and collaboratively within multidisciplinary teams.
• Ability to successfully complete and maintain a government background investigation.
• Current security certification(s) such as: CSSLP, GWEB, CASE, OSWE, OSCP, Security+, GSEC, or equivalent.

Nice To Haves

• Experience supporting federal government environments.
• Experience supporting NIST SP 800-53, FISMA, FedRAMP, and security authorization activities.
• Experience with threat modeling, security architecture reviews, and secure application design.
• Experience implementing advanced DevSecOps practices and automated security controls.
• Experience with AWS cloud security and container security technologies including Docker and Kubernetes.
• Experience leveraging AI-assisted development tools to support security monitoring, automation, and compliance activities.
• Experience developing security metrics, audit reporting, and compliance documentation.

Responsibilities

• Identify, analyze, and remediate web application vulnerabilities, insecure dependencies, misconfigurations, and security weaknesses.
• Support vulnerability management activities throughout the software development lifecycle, including threat modeling, security assessments, remediation validation, and risk reduction efforts.
• Integrate security controls into web applications, APIs, and supporting services using secure-by-design principles.
• Support implementation of secure communication protocols, data protection mechanisms, and application security controls.
• Obtain, review, and analyze web server and application logs to identify anomalies and indicators of compromise.
• Support incident response activities related to web application security events and investigations.
• Develop automation scripts and processes to improve threat detection, security monitoring, and compliance reporting.
• Maintain documentation related to findings, remediation activities, security controls, and operational procedures.
• Support compliance with federal cybersecurity frameworks including NIST SP 800-53, FISMA, and FedRAMP requirements.
• Participate in audits, risk assessments, security reviews, and authorization activities.
• Collaborate with cross-functional teams to improve application security posture and support continuous security enhancements.
• Support implementation of DevSecOps practices and security controls throughout CI/CD pipelines.

Benefits

• competitive pay
• comprehensive health coverage
• flexible PTO
• federal holidays off
• tuition reimbursement
• professional development support
• wellness stipends